Startup pitches snoop-proof (even NSA-proof) email

If you really don’t like the idea of the government (or anyone but the recipient for that matter) reading your email, you may want to check out ProtonMail, a new email service which claims to be immune from prying eyes.

The year-old company was founded in Geneva, Switzerland, by MIT, Harvard and CERN researchers upset by Edward Snowden’s disclosures about NSA data scooping procedures, according to a BostInno report. They wanted to create an email system that was even more secure than the Lavabit mail Snowden used, and so they set out to build ProtonMail.


The company’s locale is important given all the NSA and U.S. Patriot Act hullabaloo. ProtonMail’s servers are in Switzerland and the company is incorporated there, which gives it the purported advantage of being outside the scope of both U.S. and E.U. regulations, according to a post on FreedomHacker. The idea is that Swiss-based ProtonMail can offer users a layer of legal privacy protection they cannot expect in other European countries.

ProtonMail’s own description of its security:

We use only the most secure implementations of AES, RSA, along with OpenPGP. Furthermore, all of the cryptographic libraries we use are open source. By using open source libraries, we can guarantee that none of the encryption tools we are using have clandestinely built in back doors. We are constantly consulting security experts including IT scientists at CERN (the European Organization for Nuclear Research).

Co-founder Jason Stockman told BostInno that end users need not sweat the details (all that security stuff is under the covers) and that they can also layer ProtonMail atop Gmail if they like. ProtonMail users can send messages to people on non-protected email services because, for those recipients, the system falls back to symmetric encryption keyed on a shared passphrase rather than on a recipient’s public key. When an encrypted message is sent to a non-ProtonMail user, the recipient gets a link that loads the encrypted message into their browser, where it is decrypted with a passphrase the sender has shared with them separately. ProtonMail users can also opt to send self-destructing messages, a sort of Snapchat for mail.

It’s sort of hard to gauge the demand for hardcore services like this. Granted, no one likes the idea of unauthorized users reading their mail, but inertia is high for many. Still, if it’s as easy to use as advertised and is free for moderate users — which it is — why not check it out? Power users pay $5 per month.

That’s great in theory, but Heartbleed has shown how open source really works – it sits there for a while with an enormous bug and eventually, a couple of years later, some researchers find the bug. That is an unacceptable time lag for security-critical software.

Open-source crypto is not perfect crypto and probably isn’t even the best crypto. The best crypto is created by dedicated security engineers who have been designing software (and/or hardware) for years. Those engineers are both anal and paranoid – and who wants to be both?